Lavabit Tried Giving The Feds Its SSL Key In 11 Pages Of 4-Point Type; Feds Complained That It Was Illegible

from the kudos-to-ladar dept

We already wrote about the basics of Lavabit's Ladar Levison standing up to the feds, however, the full filing has now been released, and (on top of that), Kevin Poulsen has updated his story with more details, so it's worth digging in a bit. Lavabit was hit with an initial pen register, which it refused, leading to the order to hand over the SSL keys. The new details show that Lavabit explained to the judge that giving up Lavabit's SSL keys wouldn't just let the feds spy on Snowden, but all of Lavabit's customers, and for obvious reasons, the company had a huge problem with that:

“The privacy of … Lavabit’s users are at stake,” Lavabit attorney Jesse Binnall told Hilton. “We’re not simply speaking of the target of this investigation. We’re talking about over 400,000 individuals and entities that are users of Lavabit who use this service because they believe their communications are secure. By handing over the keys, the encryption keys in this case, they necessarily become less secure.”

And it becomes clear that Levison then was actually willing to abide by the initial pen register, to basically figure out a way to just tap Snowden, but at this point the government was no longer willing to stop there. The government pushed for getting the SSL key, basically promising not to abuse it:

“We can assure the court that the way that this would operate, while the metadata stream would be captured by a device, the device does not download, does not store, no one looks at it,” [Prosecutor James] Trump said. “It filters everything, and at the back end of the filter, we get what we’re required to get under the order.”

“So there’s no agents looking through the 400,000 other bits of information, customers, whatever,” Trump added. “No one looks at that, no one stores it, no one has access to it.”

The judge then made a ruling that should cast a massive chill over anyone setting up private communications services:

[The government's] clearly entitled to the information that they're seeking and just because you-all have set up a system that makes that difficult, that doesn't in any way lessen the government's right to receive that information just as they could from any telephone company or any other e-mail source that could provide it easily."

Yikes. So, even if you set up a secure communication system, this judge says that you have to let the feds wiretap it.

Somewhat amusingly, Lavabit tried to comply "by turning over the private SSL keys as an 11 page printout in 4-point type." The feds complained that "the FBI would have to manually input all 2,560 characters, and one incorrect keystroke in this laborious process would render the FBI collection system incapable of collecting decrypted data." Poor, poor FBI. The judge has no problem putting a massive burden on Lavabit, but asking the FBI to actually do some data entry is too onerous? Yup. Apparently. The court then ordered Levison to provide a more useful electronic copy, which then resulted in the $5,000/day fine for failing to live up to that, and then the closure of the site.

Re: Re:

Re:

"11 pages of 4pt text is significantly more than 2560 characters.. A typical page would be around 36000 characters."

even 12-point text (regular size) is just over a page long.

i think he did it that way to make it more cumbersome. that is, it's *conceivable* that they could scan a single-page document with a hi-res scanner, blow it up, and then try their luck at deciphering the characters. he probably spread it out over many pages and they weren't numbered, so you don't know which character comes next. plus, it's just a bit more ass-holey. that's my guess.

Re: Here's your problem

President Lincoln (and the governors of the confederate states) would have disagreed with you on that one. ;) Millions of US and CS soldiers died over that concept. States refusing to (likely/potentially) give up a way of life, versus a federal government that was literally facing extinction and (likely/potential) foreign invasion. Industrialization ironically would make the very concept of plantations obsolete. You'd still have 'wage slaves' though, where people get stuck buying from the company store, paying company rent... Coal miners and loggers rioted over this, but that's another story.

Not saying it's "right" to have absolute monarc-I mean slav- err I mean national socialism. Just that it's been established for over a century in the USA that the constitution as much protects the government as it does the citizens, in this republic. Go and openly make threats against that judge just because you disagree and see what happens. You'll be arrested as quickly as you can say "intimidating government official". The fact that the government itself made the decision to give themselves more power is like a kid in a candy store saying they can have more... It's their job and perogative/self-interest to do so. In the long term, you're trading stability, safety, and security for power, though.

Talk about deja vu...

“We can assure the court that the way that this would operate, while the metadata stream would be captured by a device, the device does not download, does not store, no one looks at it,” [Prosecutor James] Trump said. “It filters everything, and at the back end of the filter, we get what we’re required to get under the order.”

“So there’s no agents looking through the 400,000 other bits of information, customers, whatever,” Trump added. “No one looks at that(1), no one stores it(2), no one has access to it(3).”

'No see, just because we could go over all the data, looking for interesting bits of information on people who had nothing to do with our investigation, of course we'd never do something like that, as we've only got authorization to monitor one account, and doing otherwise would be wrong.'

Hmm, now where have I heard that kind of argument before?

(1) Until we get around to it.
(2) Honest, we pinky-swear we'd never store data after saying we wouldn't.
(3) Well, except anyone with access to a computer and enough clearance, or any other agency that would love to get their hands on the data stream as well...

Re: Talk about deja vu...

Man, those pinky-swears are sooooo restrictive that I just KNOW that the participating parties would NEVER violate such a oath. Take our elected, appointed, and hired officials, and how seriously they take THEIR oaths of office.............................................................................................. .................................................................................................... ..................................................................oh wait...

RetroShare is free software for encrypted, filesharing, serverless email, instant messaging, chatrooms, and BBS, based on a friend-to-friend network built on GPG (GNU Privacy Guard). It is not strictly a darknet since optionally, peers may communicate certificates and IP addresses from and to their friends.

Lavabit founder could contact one of those projects or all of them to see how he could build an email service on top of those anonymous secure platforms in a business like environment, using his servers to just speed up the process instead of handling the encryption and delivery and performing non critical services for clients wink, wink :)

Re: Re: Re: Re:

Re:

They've likely known about Freenet+FMS, for years. You don't even need to worry about traffic analysis, AFAIK. It would still be wise to use PGP or similar program's clipboard functionality. I assume they're not incompetent as attorneys in this field. They pretty much HAVE to know about it!

Re: Government

Plain epic win for this guy. There's a certain Nobel prize deep buried in rotten shit that could be awarded to Mr Ladar. Maybe peace has nothing to do with what he did but then again the holder is doing stuff that are the polar opposite of peace so why bother with specifics?

Re: Re:

Judge is right

Basically, what the judge said is correct: "just because you-all have set up a system ..., that doesn't in any way lessen the government's right to receive that information".

In other words, US have laws which explicitly allow wiretapping. Nothing extraordinary about it. Remember, this government official gave sword testimony, and judge have no reason to think he's lying. If this official says "we're not looking", what do you thing judge will do, say: "nah, don't believe you"?

Re: Judge is right

Wrong, judges have an obligation to be distrustful of any statements issued in his court, the law deals with facts not statements, if the government can't prove what they say it is a fact then there is no reason to believe it now is there?

Re: Judge is right

You know whom else gives sworn testimonies?
Liars, people who lie to congress also give sworn testimonies, isn't that glorious.

Is unfortunate that we need to have an entire bureaucracy which its whole purpose is to lie and deceive to conceal its working, but there it is paid and bought with public funds, now you are saying that we should trust professional liars?

Re: Judge is right

Actually, the judge isn't right. The statement itself is not in contradiction with the constitution (even the idea of the government having been granted rights, see the tenth amendment). The statement is incorrect only with regard to the scope it is being applied to, but in context, it is incorrect.

The government can, through a warrant that specifically targets certain data, force you to hand over that data unencrypted. However, the keys themselves along with the entire data stream is no longer "particularly describing the place to be searched, and the ... things to be siezed."

Basically, the government can demand:
Decryption of sessions carried out with certain target IPs within a certain date range and the seizure of email bearing certain addresses as headers from among that data. Just as they cannot demand a key to your house or the combination of your safe, they also cannot demand SSL keys. They are, however, free to demand that you unlock these things with a properly targeted warranty.

The government will complain that it can't compile the necessary information and thus can't prosecute dangerous criminals. Oh well, the system has never been balanced under the idea of maximal enforcement. American ideals place the rights and protection of innocents above enforcing crimes, except those rights specifically reserved to government and enumerated in the constitution as allowed.

Re: Judge is right

That's exactly how the judiciary is supposed to view the executive branch. When the judiciary takes the executive branch at the word no questions asked there can be no meaningful checks on executive power.

Excuse my ignorance, but why would encryption "master keys" even exist? Why even have something the government ask for? "You want to tap our servers? Go for it, everything on there is heavily encrypted. You want the key? Sorry, never had one/it was destroyed as soon as we were done with it"

Re: Re:

Re: Re:

Depends on the system. It's quite possible to have a P2P server ('cloud') arrangement where each peer ('node') broadcasts it's public key and the sender's node sends that. Also, this can be layered so that you can have say, 10 servers hand off the message and just unpeel the 11 layers. This wouldn't protect you against timing attacks or traffic analysis, though. For that, you need randomized onion routing instead of an optimal-path algorithm, and some kind of traffic delay. As in, Freenet. I2P and TOR have the onion routing part, but you have to run a secondary protocol on top, to support random delays at each node. There's always big arguments between developers and their cliques over rather it's better to bake it in to make it noob-proof, or to make it an OSI-style layer, to make it less buggy.

Re:

For some thing like gMail- mail comes in under one SSL key, is decoded, stored and goes out under a second SSL key. The SSL is to secure the data in the pipes not the server. Lavabit kept security on mail differently but still needed away to decode the mail to make it useful.

SSL keys are business records. Business records are not all that protected and can be requested without much more than a Subpoena and I'm not that clear if they need that much. Business records tend to get turned over by business without much of a fuss- Just like phone, bank, credit card transaction records...

The really scary thing here is that the NSA seemed to expect them to be turned over. Does that mean other services (Google, Yahoo!, Verizon....) have been honoring these requests? The evidence indicates that the NSA may be storing data going into and out of sites so they don't need to bother with the companies beyond getting a key to read the mail later.

Re: Re:

Is the code to the bank vault also a business record?

Keys, of any kind, are not records. Further, the word "papers" in the fourth amendment has always included mail and thus naturally extends to email, thus requiring warrants and not subpoenas in at least this instance.

Re: Re: Re: Re:

Re: Re: Re: Re: Re:

A door key is mostly a simple physical object. A cryptographic key is a list of numbers and other characters. It becomes a record in a file.

FWIW A physical key can be represented by a short series of numbers for the depth of the cuts on the key and the blank number. You can get a new car key cut from records easily enough. You could do it with a house key but that record is less likely to be kept.

Where is a scanner w/ OCR when you need one?

Re: Where is a scanner w/ OCR when you need one?

OCR is not a perfect technology. Especially on 4pt text with mixed characters and no "dictionary" words it can check against. It would be just as quick to have the data typed in as it would be to manually check it after OCR.

Take this to a higher level of abstraction the biggest growth industry in the US for the last 20 years has been information technology in the form of companies like Microsoft, Apple, Google, Yahoo, Face Book et.

All of the above companies are known to have provides all US government and many foreign government alphabet soop agencies with backdoors to any and all information.

We have also heard that most of the major back bone teleco companies are also providing equal access.

Translate the one and only major economic bright spot in the world economy has been and is governments' establishment in world wide spy networks on private citizens.

Re:

Translate the one and only major economic bright spot in the world economy has been and is governments' establishment in world wide spy networks on private citizens.

That is not a bright spot, but a parasitic growth, the private citizen pays for all of this spying.
Note any cost and taxes levied on companies get passed up the chain of customers until it arrives at the private citizen.

give it to them

i say give them what they want no one said you had to give it to them in order make it a fun 10000 charater puzzle print one 72 pt letter per page and turn it in by dumping it on the desk of the @sshat whom requested it

Re: give it to them

Re: give it to them

THAT should have been the next response when the rejected the 11 pages of 4pt type. 1 page per character stacked in order such that if they happened to get accidentally out of order while going through them they became absolutely worthless.

Counter argument?

Your honor, sometimes you deem it necessary to seal certain records or transcripts. Assume for a moment that a law has been passed and under that law a large organization may have access to one any of those sealed records for another case.

Because there is only one key to the vault where all records are stored, it is difficult to perform this without compromising everything and you have severe misgivings about this in the first place, but if push comes to shove, you are willing to work with them to make that happen.

However, the argument is made that that is not good enough. You must provide access to every record, *including all future records*, and do it in such a way that it is completely unverifiable whether one record, a few records, or all records have been copied, stored, viewed, or shared with other organizations. Would you be satisfied with that ruling or with an unaccountable and unenforceable statement from one person that none of this will ever happen, despite all evidence to the contrary?

1. Would you be willing to trust that organization to this degree?
2. Would your order to "seal" a record have any real meaning at that point?
3. Could the people that come into your court trust any promises of discretion that you made or would you be effectively lying to them?

As a judge, we presume truth matters to you. Yet you are about to force a private company to not only compromise their entire business model, which is founded on trust, but then to lie about it to their customers through silence or denial.

You must decide whether you will cynically and unquestioningly enforce laws that are moving us farther and farther from "the great experiment" in freedom and representative government that are the foundation of this nation, or whether you will push back against this precipitous descent toward a police state founded on lies and lack of government accountability. As part of the judicial branch of government, this is not only your privilege, it is your sworn duty.

Re: Counter argument?

"However, the argument is made that that is not good enough. You must provide access to every record, *including all future records*, and do it in such a way that it is completely unverifiable whether one record, a few records, or all records have been copied, stored, viewed, modified, or shared with other organizations." FTFYClerics: We put the doctored in doctrine!

Re:

Re: Govt "right" vs. Govt propensity

here's a quote from a Thomas Jefferson letter to John Adams:

If a nation expects to be ignorant and free, in a state of civilization, it expects what never was and never will be. The functionaries of every government have propensities to command at will the liberty & property of their constituents. There is no safe deposit for these but with the people themselves; nor can they be safe with them without information.Where the press is free and every man able to read, all is safe.

Because the government holds your items, whatever they may be, has always meant that those items are not safe nor secure.

Re: Re: Re: Govt "right" vs. Govt propensity

Well, he lived before Mr. Orwell... It's interesting how "independent" AKA noncompliant methods of problem-solving are punished in class, now. No wonder homeschoolers often are way ahead of their peers. You almost couldn't do worse! Of course, they have the occasional 'special' parents that place religion over academics or practical experience. Also, one of the most ironic things about critical thinking, is that as soon as you have an official class for it, it's almost certainly sabotaged.

The narrative about Lavabit takes a bit of a hit in light of providing even 'obfuscated' copies of the key.

OCR does exist and is quite feasible, so there's a period of a few days? where Lavabit was vulnerable, and not shuttered. This makes me wonder about a plausible deniability effort by Levison, only dealing with the issue when that became infeasible. And only closing when there were financial penalties?

It's still admirable, but that fighting image takes a bit of a knock I think.

Re:

"OCR does exist and is quite feasible..."

Unless you know of some magical new OCR technology then OCR is NOT feasible for this type of job. For it to work with 4pt text the OCR software would be very inaccurate. Modern OCR software uses predictive technologies such as dictionary checking, grammar checking, near-neighbor analysis etc in order to get good results. It expects text within certain size constraints in certain fonts and of a certain quality. A SSL key printed at 4pt might get 30-40% accuracy at best. Then you would have to compare each and every character by hand - that means looking at two separate images to make sure the OCR is correct.

Much quicker to have it blown up and have a typist copy it by hand. A good typist could get 98% or above accuracy at a fair speed - and they would not need to look at two separate images.

Disclaimer: I work on the development of a document management system with OCR capabilities and have studied many OCR technologies as part of my work.

Decentralization is the only answer

The vulnerability here is that there was a trusted third-party (Lavabit).

It is much better when the only entities who can give access to the information are the sender and the recipient. The incentives align in this case: the only ones who can access the information are also the ones who are interested in protecting it.

Increasing the use of encryption (HTTPS everywhere) is an important first step, but the goal should be to avoid depending on trusted third-parties in the first place.

Re: Decentralization is the only answer

HSM

Just thought of another thing.

Most people do not use a HSM (Hardware Security Module) with SSL/TLS. Without a HSM, you can be forced to provide the key, like happened with Lavabit.

With a HSM, it is next to impossible. The key never leaves the HSM. And the HSM is designed to erase the key if any attempt is made to tamper with it; usually, the key is kept in RAM, and the HSM has a built-in battery. Cut the battery power, lower the temperature (to increase the RAM retention), drill into the case, all these are actions which a high-quality HSM will detect and erase the key.

They would have to either change the key (detectable with the Certificate Patrol browser extension), plug the HSM into their interceptor (which would become a man-in-the-middle attack), or compromise the server. In any of these situations, they still could not decrypt older traffic, even without forward secrecy.

Re: HSM

You have a good point, but there are problems with HSMs.

First, they're expensive. A good HSM easily can run into the hundred thousand dollar range. Second, you can only have one server terminating all SSL connections. Since the HSM wont let anyone get the key, then the server with the HSM must be able to handle everyone. Then there's the downtime that occurs if the server or HSM ever breaks. They'd need to get a whole new Cert issued.

The big reason why companies don't use Hardware Security Modules to store their SSL keys is the way that HSMs work. In order to make sure the keys never leave the HSM, the HSM itself decrypts all the data. Something that just isn't feasible when dealing with multiple SSL connections.

Re: Re: HSM

Begs for an "IBM-compatibilization" of the HSMs. It also seems like you could get 'good enough' capability, with off-the-shelf parts and an open-source design.

It would need sufficient randomness.It would need tamper resistance.It would need to be reviewed for exploits.It would need reliability (might have to use redundant HSM's).It would need to be less than current HSM's (including TCO).It would need massive storage and processing power.It would need overtly-silent tamper evidence.

This would obviously be a very intensive project with lots of security pitfalls. :/

Re:

4pt characters and random data are effectively impossible to transcribe accurately, or read via an OCR. Note there is nothing within the text to help spot mistakes, as it is a random stream of characters. Also being 4pt, the characters will be subject to blurs and breaks causing misreads. Unlike real text, there is no surrounding context to resolve such issues.
That print out qualifies for a 10 out of 10 for for complying without giving them what they wanted.

Re: Re:

Hmm, doesn't PGP have some kind of checksums on each line? We're talking some kind of Base64-based format, right? If it's hexadecimal and in only one font, then there's only 16 'shapes' for the OCR to know. I wouldn't need better OCR, I'd need better noise filtering to remove gray levels, if I was the one scanning it.

Sounds reasonable

"Yikes. So, even if you set up a secure communication system, this judge says that you have to let the feds wiretap it."

That sounds reasonable to me. The government does need the right to wire tap potential criminals and threats to the US. What's not reasonable is them doing so without a warrant. That's where the checks and balances are. That's what's wrong with what the NSA is doing.

If law enforcement can show probably cause, they should be allowed to wiretap a "target".

What's scary about this case is that the Judge just let them wiretap 400k people for which they don't have warrants for.

The proper response...

to the court's claiming that it was the right of the government to acquire the information regardless of whether the system had been setup to make it difficult would be to then point out that it is also the PUBLIC'S right to acquire the information about the decisions made in it's courts and therefore the court's own argument precludes them from issuing a gag order on the matter.

Why are we even honoring the premise, let alone the argument

We embolden the liberties taken against the Constitutional protection accorded our privacy through years of sacrifice by even discussing the "merits" of such requests. The request had no merit and the judge should be ashamed of a ruling that makes such inroads into personal privacy. These are not his/her opinions that should be written up but the law and how the request is either valid or not valid. Comparing the request submitted to a phone company ROI as opposed to the scattershot request for all traffic traversing a wire is ridiculous and shows how incapably the judges have been prepared to listen to these cases. Uninformed jurists are notoriously easy to sway especially by the doom and gloom the prosecutors cast before them.

A pity that our liberties are being taken away piecemeal by judges and prosecutors paid for with our own taxes. Who stands for our liberty if the folks we pay taxes to are all on the other side of this constitutional debate ??

Judge is absolutely wrong and exceeded his/her mandate

One need only look at New Mexico Mark's arguments and understand how the records in this instance span political and jurisdictional boundaries to understand the danger this ruling puts all future US dealings(individual or otherwise) to foreign government seizure. Lavabits probably saved them from having to find out what it would feel like for China making a parallel "finding" in the case of some company under its territorial jurisdiction(Hong Kong) to hand over ssl keys because of 1 suspicious money transfer and being able to henceforth read all communications say from dissidents or activists. There are things I understand them needing access to and then there is the other stuff that I just don't think they think through regarding precedent, both in the US and internationally.